// SPDX-License-Identifier: GPL-2.0 /* * linux/fs/nfs/callback.c * * Copyright (C) 2004 Trond Myklebust * * NFSv4 callback handling */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "nfs4_fs.h" #include "callback.h" #include "internal.h" #include "netns.h" #define NFSDBG_FACILITY NFSDBG_CALLBACK struct nfs_callback_data { unsigned int users; struct svc_serv *serv; }; static struct nfs_callback_data nfs_callback_info[NFS4_MAX_MINOR_VERSION + 1]; static DEFINE_MUTEX(nfs_callback_mutex); static struct svc_program nfs4_callback_program; static int nfs4_callback_up_net(struct svc_serv *serv, struct net *net) { const struct cred *cred = current_cred(); int ret; struct nfs_net *nn = net_generic(net, nfs_net_id); ret = svc_xprt_create(serv, "tcp", net, PF_INET, nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS, cred); if (ret <= 0) goto out_err; nn->nfs_callback_tcpport = ret; dprintk("NFS: Callback listener port = %u (af %u, net %x)\n", nn->nfs_callback_tcpport, PF_INET, net->ns.inum); ret = svc_xprt_create(serv, "tcp", net, PF_INET6, nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS, cred); if (ret > 0) { nn->nfs_callback_tcpport6 = ret; dprintk("NFS: Callback listener port = %u (af %u, net %x)\n", nn->nfs_callback_tcpport6, PF_INET6, net->ns.inum); } else if (ret != -EAFNOSUPPORT) goto out_err; return 0; out_err: return (ret) ? ret : -ENOMEM; } /* * This is the NFSv4 callback kernel thread. */ static int nfs4_callback_svc(void *vrqstp) { struct svc_rqst *rqstp = vrqstp; svc_thread_init_status(rqstp, 0); set_freezable(); while (!svc_thread_should_stop(rqstp)) svc_recv(rqstp); svc_exit_thread(rqstp); return 0; } #if defined(CONFIG_NFS_V4_1) static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt, struct svc_serv *serv) { if (minorversion) /* * Save the svc_serv in the transport so that it can * be referenced when the session backchannel is initialized */ xprt->bc_serv = serv; } #else static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt, struct svc_serv *serv) { } #endif /* CONFIG_NFS_V4_1 */ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, struct svc_serv *serv) { int nrservs = nfs_callback_nr_threads; int ret; nfs_callback_bc_serv(minorversion, xprt, serv); if (nrservs < NFS4_MIN_NR_CALLBACK_THREADS) nrservs = NFS4_MIN_NR_CALLBACK_THREADS; if (serv->sv_nrthreads == nrservs) return 0; ret = svc_set_num_threads(serv, NULL, nrservs); if (ret) { svc_set_num_threads(serv, NULL, 0); return ret; } dprintk("nfs_callback_up: service started\n"); return 0; } static void nfs_callback_down_net(u32 minorversion, struct svc_serv *serv, struct net *net) { struct nfs_net *nn = net_generic(net, nfs_net_id); if (--nn->cb_users[minorversion]) return; dprintk("NFS: destroy per-net callback data; net=%x\n", net->ns.inum); svc_xprt_destroy_all(serv, net); } static int nfs_callback_up_net(int minorversion, struct svc_serv *serv, struct net *net, struct rpc_xprt *xprt) { struct nfs_net *nn = net_generic(net, nfs_net_id); int ret; if (nn->cb_users[minorversion]++) return 0; dprintk("NFS: create per-net callback data; net=%x\n", net->ns.inum); ret = svc_bind(serv, net); if (ret < 0) { printk(KERN_WARNING "NFS: bind callback service failed\n"); goto err_bind; } ret = 0; if (!IS_ENABLED(CONFIG_NFS_V4_1) || minorversion == 0) ret = nfs4_callback_up_net(serv, net); else if (xprt->ops->bc_setup) set_bc_enabled(serv); else ret = -EPROTONOSUPPORT; if (ret < 0) { printk(KERN_ERR "NFS: callback service start failed\n"); goto err_socks; } return 0; err_socks: svc_rpcb_cleanup(serv, net); err_bind: nn->cb_users[minorversion]--; dprintk("NFS: Couldn't create callback socket: err = %d; " "net = %x\n", ret, net->ns.inum); return ret; } static struct svc_serv *nfs_callback_create_svc(int minorversion) { struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; int (*threadfn)(void *data); struct svc_serv *serv; /* * Check whether we're already up and running. */ if (cb_info->serv) return cb_info->serv; /* * Sanity check: if there's no task, * we should be the first user ... */ if (cb_info->users) printk(KERN_WARNING "nfs_callback_create_svc: no kthread, %d users??\n", cb_info->users); threadfn = nfs4_callback_svc; #if !defined(CONFIG_NFS_V4_1) if (minorversion) return ERR_PTR(-ENOTSUPP); #endif serv = svc_create(&nfs4_callback_program, NFS4_CALLBACK_BUFSIZE, threadfn); if (!serv) { printk(KERN_ERR "nfs_callback_create_svc: create service failed\n"); return ERR_PTR(-ENOMEM); } cb_info->serv = serv; /* As there is only one thread we need to over-ride the * default maximum of 80 connections */ serv->sv_maxconn = 1024; dprintk("nfs_callback_create_svc: service created\n"); return serv; } /* * Bring up the callback thread if it is not already up. */ int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt) { struct svc_serv *serv; struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; int ret; struct net *net = xprt->xprt_net; mutex_lock(&nfs_callback_mutex); serv = nfs_callback_create_svc(minorversion); if (IS_ERR(serv)) { ret = PTR_ERR(serv); goto err_create; } ret = nfs_callback_up_net(minorversion, serv, net, xprt); if (ret < 0) goto err_net; ret = nfs_callback_start_svc(minorversion, xprt, serv); if (ret < 0) goto err_start; cb_info->users++; err_net: if (!cb_info->users) { svc_set_num_threads(cb_info->serv, NULL, 0); svc_destroy(&cb_info->serv); } err_create: mutex_unlock(&nfs_callback_mutex); return ret; err_start: nfs_callback_down_net(minorversion, serv, net); dprintk("NFS: Couldn't create server thread; err = %d\n", ret); goto err_net; } /* * Kill the callback thread if it's no longer being used. */ void nfs_callback_down(int minorversion, struct net *net) { struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; struct svc_serv *serv; mutex_lock(&nfs_callback_mutex); serv = cb_info->serv; nfs_callback_down_net(minorversion, serv, net); cb_info->users--; if (cb_info->users == 0) { svc_set_num_threads(serv, NULL, 0); dprintk("nfs_callback_down: service destroyed\n"); svc_destroy(&cb_info->serv); } mutex_unlock(&nfs_callback_mutex); } /* Boolean check of RPC_AUTH_GSS principal */ int check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp) { char *p = rqstp->rq_cred.cr_principal; if (rqstp->rq_authop->flavour != RPC_AUTH_GSS) return 1; /* No RPC_AUTH_GSS on NFSv4.1 back channel yet */ if (clp->cl_minorversion != 0) return 0; /* * It might just be a normal user principal, in which case * userspace won't bother to tell us the name at all. */ if (p == NULL) return 0; /* * Did we get the acceptor from userland during the SETCLIENID * negotiation? */ if (clp->cl_acceptor) return !strcmp(p, clp->cl_acceptor); /* * Otherwise try to verify it using the cl_hostname. Note that this * doesn't work if a non-canonical hostname was used in the devname. */ /* Expect a GSS_C_NT_HOSTBASED_NAME like "nfs@serverhostname" */ if (memcmp(p, "nfs@", 4) != 0) return 0; p += 4; if (strcmp(p, clp->cl_hostname) != 0) return 0; return 1; } /* * pg_authenticate method for nfsv4 callback threads. * * The authflavor has been negotiated, so an incorrect flavor is a server * bug. Deny packets with incorrect authflavor. * * All other checking done after NFS decoding where the nfs_client can be * found in nfs4_callback_compound */ static enum svc_auth_status nfs_callback_authenticate(struct svc_rqst *rqstp) { rqstp->rq_auth_stat = rpc_autherr_badcred; switch (rqstp->rq_authop->flavour) { case RPC_AUTH_NULL: if (rqstp->rq_proc != CB_NULL) return SVC_DENIED; break; case RPC_AUTH_GSS: /* No RPC_AUTH_GSS support yet in NFSv4.1 */ if (svc_is_backchannel(rqstp)) return SVC_DENIED; } rqstp->rq_auth_stat = rpc_auth_ok; return SVC_OK; } /* * Define NFS4 callback program */ static const struct svc_version *nfs4_callback_version[] = { [1] = &nfs4_callback_version1, [4] = &nfs4_callback_version4, }; static struct svc_program nfs4_callback_program = { .pg_prog = NFS4_CALLBACK, /* RPC service number */ .pg_nvers = ARRAY_SIZE(nfs4_callback_version), /* Number of entries */ .pg_vers = nfs4_callback_version, /* version table */ .pg_name = "NFSv4 callback", /* service name */ .pg_class = "nfs", /* authentication class */ .pg_authenticate = nfs_callback_authenticate, .pg_init_request = svc_generic_init_request, .pg_rpcbind_set = svc_generic_rpcbind_set, };